I currently have RBL checks turned off on our SA 2.6. We do our RBL checks at the firewall. Can SA do the RBL checks from within our network behind a virus appliance, or does it just check the last hop that was made. The reason I ask this is that I do not have control over our firewall so I can not get any decent reporting about what is going on.
SA does RBL checks against all the IPs in all the Recieved: headers of the message. SA is in fact not even directly aware what machine directly delivered the message to your local host, it figures that out from the headers too.
The only things the SA box needs to be able to do from behind the firewall or virus appliance to do RBL checks are
1) good headers, if your virus box mangles emails and strips off the Received: headers, then RBL checks won't work
2) the ability to resolve DNS queries, which most hosts inside a network can do.
Also of note, if your internal host running SA is a NAT'ed private IP, be sure to set the trusted_networks variable in your local.cf file manually, otherwise SA can in some cases fail to properly skip the first hop of the "not first hop" type dialup RBLs.
I discovered this on a mailserver which has a static 1-1 NAT mapping. (I use the static NAT for my mailserver so I'm not wasting public IPs by using public IPs for my DMZ subnet's routing).
------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
